Forensics firm finds that Snapchat is subject to the conventions of solid-state storage.

A forensics firm has found that Snapchat, an app whose killer feature is that it deletes photos sent between users once they’ve been viewed, does not actually delete photos once they’ve been viewed. According to KSL.com, the app saves the images to the device and, once they’re viewed, changes the file extension so they’re no longer accessible.

Utah-based Decipher Forensics claims that the photos take about six hours to extract, though most of that time is spent imaging the phone’s data. So far, Decipher has only managed to penetrate Android phones. The images reside in a folder on the recipient’s device named RECEIVED_IMAGES_SNAPS.

Once the files have been viewed within the time constraints of the app, the app affixes the extension .NOMEDIA to make them less readable. However, if the files are extracted and the extension is changed, the images are viewable once again.
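Renaming a file changes only its name, which is why examiners identify files by their leading bytes rather than by extension. The following is an added example, not code from Decipher Forensics or Snapchat: it walks an extracted directory tree and reports files carrying the .nomedia suffix whose content is still image data. The file names and sample bytes are constructed; only the folder name and the extension come from the article.

```python
import os
import tempfile
from pathlib import Path

# Leading "magic" bytes that identify common image formats regardless of file name.
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png"}

def sniff_image_type(path):
    """Return the image type indicated by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None

def find_renamed_images(root, suffix=".nomedia"):
    """Return sorted (relative path, type) pairs for suffix-named files that still hold image data."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffix):
                full = Path(dirpath) / name
                kind = sniff_image_type(full)
                if kind:
                    hits.append((full.relative_to(root).as_posix(), kind))
    return sorted(hits)

def build_sample_tree(root):
    """Create constructed sample files (not real Snapchat data) under root."""
    folder = Path(root) / "RECEIVED_IMAGES_SNAPS"
    folder.mkdir(parents=True)
    (folder / "sample_snap_001.jpg.nomedia").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    (folder / "sample_snap_002.png.nomedia").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    (folder / "sample_note.txt.nomedia").write_bytes(b"plain text, not an image")
    (folder / ".nomedia").write_bytes(b"")  # empty marker file: no image content

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, kind in find_renamed_images(tmp):
            print(f"{rel}: content is {kind}")
```

The text file and the empty marker file carry the same suffix but are not reported, because the check looks at content rather than at the name.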

The real problem is that rather than overwriting the space that the images occupy on the phone’s disk, the app just marks the space as unallocated. The data then remains written there until it’s overwritten by something else (this is standard practice with solid-state storage). Hence, the recoverability of Snapchat photos is not any more notable than locally deleted files from any other app; it’s just an unfortunate convention of the type of storage that smartphones use. Snapchat did not respond immediately to requests for comment.